beautypg.com

Draytek VIGOR 2700GE/E User Manual

Page 43

background image

Vigor2700Ge/e User’s Guide

38

S

S

t

t

a

a

t

t

e

e

f

f

u

u

l

l

P

P

a

a

c

c

k

k

e

e

t

t

I

I

n

n

s

s

p

p

e

e

c

c

t

t

i

i

o

o

n

n

(

(

S

S

P

P

I

I

)

)

Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy
static packet filtering, which examines a packet based on the information in its header, stateful
inspection builds up a state machine to track each connection traversing all interfaces of the
firewall and makes sure they are valid. The stateful firewall of Vigor router not just examine
the header information also monitor the state of the connection.

I

I

n

n

s

s

t

t

a

a

n

n

t

t

M

M

e

e

s

s

s

s

e

e

n

n

g

g

e

e

r

r

(

(

I

I

M

M

)

)

a

a

n

n

d

d

P

P

e

e

e

e

r

r

-

-

t

t

o

o

-

-

P

P

e

e

e

e

r

r

(

(

P

P

2

2

P

P

)

)

A

A

p

p

p

p

l

l

i

i

c

c

a

a

t

t

i

i

o

o

n

n

B

B

l

l

o

o

c

c

k

k

i

i

n

n

g

g

As the popularity of all kinds of instant messenger application arises, communication cannot
become much easier. Nevertheless, while some industry may leverage this as a great tool to
connect with their customers, some industry may take reserve attitude in order to reduce
employee misusage during office hour or prevent unknown security leak. It is similar situation
for corporation towards peer-to-peer applications since file-sharing can be convenient but
insecure at the same time. To address these needs, we provide IM and P2P blocking
functionality.

D

D

e

e

n

n

i

i

a

a

l

l

o

o

f

f

S

S

e

e

r

r

v

v

i

i

c

c

e

e

(

(

D

D

o

o

S

S

)

)

D

D

e

e

f

f

e

e

n

n

s

s

e

e

The DoS Defense functionality helps you to detect and mitigate the DoS attack. The attacks
are usually categorized into two types, the flooding-type attacks and the vulnerability attacks.
The flooding-type attacks will attempt to exhaust all your system's resource while the
vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the
protocol or operation system.

The DoS Defense function enables the Vigor router to inspect every incoming packet based on
the attack signature database. Any malicious packet that might duplicate itself to paralyze the
host in the secure LAN will be strictly blocked and a Syslog message will be sent as warning, if
you set up Syslog server.

Also the Vigor router monitors the traffic. Any abnormal traffic flow violating the pre-defined
parameter, such as the number of thresholds, is identified as an attack and the Vigor router will
activate its defense mechanism to mitigate in a real-time manner.

The below shows the attack types that DoS/DDoS defense function can detect:

1. SYN flood attack
2. UDP flood attack
3. ICMP flood attack
4. TCP Flag scan
5. Trace route
6. IP options
7. Unknown protocol
8. Land attack

9. Smurf attack
10. SYN fragment
11. ICMP fragment
12. Tear drop attack
13. Fraggle attack
14. Ping of Death attack
15. TCP/UDP port scan